cancel
Showing results for 
Search instead for 
Did you mean: 

Stupid IKEv2 Questions

Highlighted
Occasional Contributor

Stupid IKEv2 Questions

I've configuring IKEv2 to work with our Win10 and Win7 clients - first time dealing with IKE implementation, and I was wondering on the Certificates for machine Authentication. Should the client certificate CN contain the full FQDN (MyVPN.MyDomain.com) of the VPN appliance? or just the hostname (MyVPN)

 

 

 

As for the internal and external port certificates - do these need to match the certificate that I want to use on the clients?

 

I have the CA for client and server installed on both my clients, and my PCS - however the clients are still coming up with Authentication creds are unacceptable.

 

1 REPLY 1
Moderator

Re: Stupid IKEv2 Questions

i do not know if the user/client/machine certificate needs to have the VPN name configured
yes, the certificate(s) hosted on the NIC should have the proper name that matches the IKEv2 configuration on the client
what is the rest of your IKEv2 configuration look like? what does your user access log report?